SANS ISC InfoSec Forums

The DDOS attack against windowsupdate.com has been avoided so far due to
Microsofts decision to no longer resolve this particular hostname. Other
hosts within this domain are still accessible, so is 'windowsupdate.microsoft.com', the hostname used by Windows Update.

In the wake of this worms, at least one virus has been reported to
masquerade itself as a "Blaster Worm Fix". As always, do not execute any attachments from unknown sources.

One popup ad has been spotted which attempts to mimic the RPC error message in order to trick users into purchasing a software firewall.

Scanner False Positives

Microsoft made a scanner available which can be used by network administrators to verify remotely if machines are patched for MS03-26. We have received reports that this scanner will show Windows 98 machines as vulnerable, even though they are not.

At this point, we do recommend a followup scan with NMAP to verify the vulnerability, if no other means are available to verify if the machine is a running Windows 98.

Sample output from the scanner and nmap against a Windows 98 machines: